Proposed Changes to FTC COPPA Rule

Posted by fgilbert on August 1st, 2012

The FTC has issued a NPRM seeking comments on proposed changes to the COPPA Regulations. These changes are intended to take into account the evolution of web technologies, such as plug-ins and the use third party cookies and ad networks; they would also clarify some of the requirements for websites that contain child-oriented material that may appeal to both parents and children. This new NPRM pertains to changes to the COPPA Regulation that diverge from previously proposed changes that the FTC presented in its September 2011 proposal.

Expansion of the definitions of “operator” and “website or service directed to children”

The proposed changes to the definitions of “operator” and “website or online service directed to children” would clarify that an operator that integrates the services of third parties that collect personal information from visitors of its site or service would itself be considered a covered “operator” under the Rule. Further, an ad network or plug-in would also be subject to COPPA if it knows or has reason to know that it is collecting personal information through a child-directed site or service.

Clarification of the definition of “personal information”

The proposed change the definition of “personal information” would make it clear that a persistent identifier – e.g., a persistent cookie – would be deemed “personal information” subject to the Rule if it can be used to recognize a user over time or across different sites or services.

However, the use of tracking technologies or identifiers for authenticating users, improving navigation, for site analysis, maintaining user preferences, serving contextual ads, and protecting against fraud and theft would not be considered the collection of “personal information” if the collected data is not used or shared to contact a specific individual, e.g. for behaviorally-targeted advertising.

Mixed audience websites

The proposed changes would also clarify that mixed audience websites that contain child-oriented content and whose audience includes both young children and others, including parents, would be allowed to age-screen all visitors in order to provide COPPA’s protections only to users under age 13. However, those child-directed sites or services that knowingly target children under 13 as their primary audience or whose overall content is likely to attract children under age 13 as their primary audience would still be required to treat all users as children